コード例 #1
        /// <summary>
        /// Stores a KV v2 secret whose only key carries an "unknown-prefix-" prefix, then asks the
        /// provider for the un-prefixed name and expects <c>null</c> back instead of a value.
        /// </summary>
        /// <remarks>
        /// The same user name and password are handed to the test-server helper and to the client's
        /// userpass authentication, so authentication itself is expected to pass; only the key lookup misses.
        /// </remarks>
        public async Task AuthenticateWithUserPassKeyValueV2_GetNotFoundSecret_Fails()
        {
            // Arrange
            const string secretPath = "mysecret";
            const string secretName = "my-value";
            const string expected = "s3cr3t";

            const string userName = "******";
            const string password = "******";

            // The key that is really stored differs from the one requested further down.
            const string storedKey = "unknown-prefix-" + secretName;

            using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, DefaultDevMountPoint))
            {
                var storedData = new Dictionary<string, object> { [storedKey] = expected };
                await server.KeyValueV2.WriteSecretAsync(
                    mountPoint: DefaultDevMountPoint,
                    path: secretPath,
                    data: storedData);

                var authentication = new UserPassAuthMethodInfo(userName, password);
                var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication);
                var vaultOptions = new HashiCorpVaultOptions
                {
                    KeyValueMountPoint = DefaultDevMountPoint,
                    KeyValueVersion = VaultKeyValueSecretEngineVersion.V2
                };
                var provider = new HashiCorpSecretProvider(
                    settings,
                    secretPath,
                    vaultOptions,
                    NullLogger<HashiCorpSecretProvider>.Instance);

                // Act
                string actual = await provider.GetRawSecretAsync(secretName);

                // Assert
                Assert.Null(actual);
            }
        }
コード例 #2
        /// <summary>
        /// Checks that <c>GetRawSecretAsync</c> rejects the supplied <paramref name="secretName"/> with an
        /// <see cref="ArgumentException"/> (or a type derived from it).
        /// </summary>
        /// <param name="secretName">The secret name under test; the values come from attributes not visible here.</param>
        public async Task GetRawSecret_WithoutSecretName_Throws(string secretName)
        {
            // Arrange
            // Placeholder address and token: the call is expected to be rejected during argument
            // validation (presumably before any request is made - confirm against the provider).
            var settings = new VaultClientSettings("https://vault.server:246", new TokenAuthMethodInfo("vault.token"));
            var provider = new HashiCorpSecretProvider(
                settings,
                secretPath: "secret/path",
                options: new HashiCorpVaultOptions(),
                logger: null);

            // Act
            Func<Task> retrieveSecret = () => provider.GetRawSecretAsync(secretName);

            // Assert
            await Assert.ThrowsAnyAsync<ArgumentException>(retrieveSecret);
        }
コード例 #3
        /// <summary>
        /// Registers the HashiCorp critical exceptions on the <paramref name="builder"/> and adds a
        /// lazily created <c>HashiCorpSecretProvider</c> to it.
        /// </summary>
        /// <param name="builder">The secret store builder that receives the provider registration.</param>
        /// <param name="settings">The Vault client settings handed to the provider.</param>
        /// <param name="secretPath">The secret path handed to the provider.</param>
        /// <param name="options">The HashiCorp Vault options handed to the provider.</param>
        /// <param name="configureSecretProviderOptions">Forwarded unchanged to <c>AddProvider</c>.</param>
        /// <returns>The result of <c>builder.AddProvider</c>.</returns>
        private static SecretStoreBuilder AddHashiCorpVault(
            SecretStoreBuilder builder,
            VaultClientSettings settings,
            string secretPath,
            HashiCorpVaultOptions options,
            Action<SecretProviderOptions> configureSecretProviderOptions)
        {
            AddHashiCorpCriticalExceptions(builder);

            // GetService (not GetRequiredService) is used, so the provider receives a null logger
            // when no logging is registered in the container.
            return builder.AddProvider(
                serviceProvider => new HashiCorpSecretProvider(
                    settings,
                    secretPath,
                    options,
                    serviceProvider.GetService<ILogger<HashiCorpSecretProvider>>()),
                configureSecretProviderOptions);
        }
コード例 #4
        /// <summary>
        /// Marks Vault authentication/authorization failures as critical exceptions on the
        /// <paramref name="builder"/> and adds a lazily created <c>HashiCorpSecretProvider</c> to it.
        /// </summary>
        /// <param name="builder">The secret store builder that receives the registrations.</param>
        /// <param name="settings">The Vault client settings handed to the provider.</param>
        /// <param name="secretPath">The secret path handed to the provider.</param>
        /// <param name="options">The HashiCorp Vault options handed to the provider.</param>
        /// <param name="mutateSecretName">Forwarded unchanged to <c>AddProvider</c>.</param>
        /// <returns>The result of <c>builder.AddProvider</c>.</returns>
        private static SecretStoreBuilder AddHashiCorpVault(
            SecretStoreBuilder builder,
            VaultClientSettings settings,
            string secretPath,
            HashiCorpVaultOptions options,
            Func<string, string> mutateSecretName)
        {
            // Thrown when the HashiCorp Vault's authentication and/or authorization fails.
            // Only HTTP 400 and 403 responses match this filter.
            // NOTE(review): confirm that no other auth-related status code should be treated as critical.
            builder.AddCriticalException<VaultApiException>(
                exception => exception.HttpStatusCode == HttpStatusCode.BadRequest
                             || exception.HttpStatusCode == HttpStatusCode.Forbidden);

            // GetService (not GetRequiredService) is used, so the provider receives a null logger
            // when no logging is registered in the container.
            return builder.AddProvider(
                serviceProvider => new HashiCorpSecretProvider(
                    settings,
                    secretPath,
                    options,
                    serviceProvider.GetService<ILogger<HashiCorpSecretProvider>>()),
                mutateSecretName);
        }
コード例 #5
        /// <summary>
        /// Mounts a KV v1 engine at "secret-v1", writes one secret to it, and checks that a provider
        /// authenticating with user name and password reads the stored value back.
        /// </summary>
        /// <remarks>
        /// The same user name and password are handed to the test-server helper and to the client's
        /// userpass authentication.
        /// </remarks>
        public async Task AuthenticateWithUserPassKeyValueV1_GetSecret_Succeeds()
        {
            // Arrange
            const string secretPath = "mysecret";
            const string secretName = "my-value";
            const string expected = "s3cr3t";

            const string userName = "******";
            const string password = "******";

            const string mountPoint = "secret-v1";
            const VaultKeyValueSecretEngineVersion keyValueVersion = VaultKeyValueSecretEngineVersion.V1;

            using (HashiCorpVaultTestServer server = await StartServerWithUserPassAsync(userName, password, mountPoint))
            {
                // The V1 engine is mounted explicitly before anything is written to it.
                await server.MountKeyValueAsync(mountPoint, keyValueVersion);

                var storedValues = new Dictionary<string, object> { [secretName] = expected };
                await server.KeyValueV1.WriteSecretAsync(
                    mountPoint: mountPoint,
                    path: secretPath,
                    values: storedValues);

                var authentication = new UserPassAuthMethodInfo(userName, password);
                var settings = new VaultClientSettings(server.ListenAddress.ToString(), authentication);
                var vaultOptions = new HashiCorpVaultOptions
                {
                    KeyValueMountPoint = mountPoint,
                    KeyValueVersion = keyValueVersion
                };
                var provider = new HashiCorpSecretProvider(
                    settings,
                    secretPath,
                    vaultOptions,
                    NullLogger<HashiCorpSecretProvider>.Instance);

                // Act
                string actual = await provider.GetRawSecretAsync(secretName);

                // Assert
                Assert.Equal(expected, actual);
            }
        }